Recent year's evolution of the Internet has exposed the fact that dependable identification is the foundation for reliable network-based services. As simply providing an identity, such as a customer number or a user name is not enough from a security viewpoint, additional means of authentication must be added to ensure that identities are not misused or spread in an uncontrollable manner. Traditional methods of supplying a username and a secret password, known as static authentication, is nowadays known to be a too weak method of authenticating a remote user as the method is just “static”. Eavesdropping and other means of intercepting the username-password pair immediately gains access to the service and there is no real way to determine that the identity has been compromised. Very basic means of having the user to reveal its username-password pair is known as “Phishing”, where a seemingly genuine message from the service owner asks the user to supply its username and password to a bogus site is surprisingly effective. Other means of “Social Engineering” and the simple reality that username/password pairs can by a high degree of certainty be guessed or broken by “Brute force” methods.
In order to address the issues with static authentication, several schemes of dynamic authentication have been developed, including several means requiring an external “token”, i.e. a small portable card, key-fob or other device which is capable of generating “passwords” that change every time they are used, i.e. replacing a static scheme with a dynamic one.
There is also a common understanding today recognizing that what is known as “Two factor authentication” is an effective way to increase the strength of the identification process as the user must have something physical and also know a secret to conduct a transaction. The requirement of having a physical device adds another dimension of security as the singularity of an identity can be more easily enforced. If the physical device is lost, the user recognizes it and can request to have the credentials for its current device revoked.
Several means of token-based identification and authentication have been introduced to the marked over the years, where the most known is probably the “Smartcard”. By embedding a cryptographic processor and a cryptographic key into a card, a bi-directional process known as challenge-response can be used where the password in a trivial description is made dynamic in a scheme known to the service provider only. This scheme effectively thwarts traditional means of intercepting a static password and later replaying it. As the initial challenge is issued by the service provider and is “scrambled” by the cryptographic processor in the user's token, recording of the response does not make sense as it will not work for subsequent challenges.
Although the Smartcard at first glance seems like the perfect solution for remote identification, it has been shown that it is fairly difficult and expensive to implement in a practical setting. Apart from the cost of the actual hardware and its deployment, the integration issues found on the client-side is often a more challenging problem. Although there is a certain level of conformity in the operating systems and computer hardware in an average user population, the number of permutation and the apparent differences between different systems and versions of hardware and software is very large. Further, integration and interaction between the service and the user's web-browser or client application software is somewhat open to non-standard implementations. Yet further, more or less complicated installation procedures of software drivers is usually required, which by certain percentages restrict users from installing it and by awkwardness limits the attractiveness from a user's point of view. From a cost of deployment and cost of ownership perspective, the largely unknown and uncertain cost- and support burdens often scares service owners away from this otherwise attractive solution.
The above described shortcomings and awkwardness of Smartcard deployment have created a marked for authentication devices working off-line. By not requiring a direct connection to the client computer, the incompatibility problems can largely be avoided at the expense of more user interaction and a less automated challenge-response scheme. Although several different varieties exist, they generally are capable of creating a dynamic password only, with or without a previous challenge that needs to be entered into the device. As this process is manual by nature, the number of interactions with the device has to be held down to a minimum. Further, as digits needs to be typed in, one by one, the number of digits used in the process needs to be kept at a minimum as well, which in turns requires more complicated processes to be used to reduce the risk of cryptanalysis of intercepted codes being sent. This scheme typically requires a time-variant code which needs to be maintained by the device and the server needs to synchronize this at each authentication event. This in turn puts some requirements of the stability of the device's time base and further requires that the device must have a battery to maintain the time base. Needless to say, this adds additional problems and potential sources of errors.
The usage of biometrics, such as fingerprint scanning, has in recent years been recognized as a convenient and secure method of identification and authentication. However, as the scanned biometric data is no identification per se, typically an additional identification code needs to be supplied so that the biometric data can be matched to a pre-stored biometric template paired with that identification code. It can then be argued that the static nature of the biometric data would make it no more secure than a static password. Further, as there is an overall concern regarding the personal integrity when supplying a biometric template as the biometric data cannot be revoked and will therefore have an unlimited lifetime. In settings where the matching of the biometric data is performed integral in a device and there is only one or a few user for that device, this problem can be avoided. In practical settings, this has been used to gain access to personal items, such as laptop computers and alike. From both a convenience- and security perspective, this is a fairly attractive solution as no identification needs to be supplied and the biometric data is stored, scanned and matched in the device itself. This in turn avoids the biometric template to be spread and the stored template can be deleted at any time.
In summary, it would be desirable to have a system which gives a more favorable compromise between the simplicity of the username-password scheme, the security of the Smartcard scheme and the portability of the off-line token scheme, all available at a low overall cost. Further, in certain settings, the convenience and speed of supplying a simple fingerprint without transmitting the biometric template could be desired.